ISO 27001 certification research
DEKRA Audit Netherlands

Do you want to show that your organization works with modern IT systems and smart data management?

ISO 27001 certification

Reliable information security with ISO 27001

Outdated technology, misuse of IT and malware infections can all lead to cybercrime, IT failures, espionage and data misuse. How should you implement a strong information security strategy? ISO 27001 certification gives you this opportunity, letting you protect confidential information in your organization. DEKRA is happy to test your organization against the international ISO/IEC 27001 standard.

The ISO 27001 certification is for every organization that wants to demonstrate that it handles confidential information securely, with integrity and reliability. With an ISO 27001 certification you meet the expectations of customers and stakeholders. Do you operate in accordance with this standard? That means you are taking account of all the relevant information security risks. You are implementing technical and organizational measures to manage confidential data securely. Efficient and reliable cooperation between technical solutions and organizational processes is necessary. Only then will you achieve the level of security that meets the requirements of modern standards.

Benefits of ISO/IEC 27001 certification

  • protection of confidential data and information
  • identification and reduction of threats to your organization
  • protection of the trust of clients and business partners
  • strengthening of competitiveness

The ISO 27001 certification process

The ISO/IEC 27001 audit comprises two phases. In the first, DEKRA checks the ISMS documentation and determines whether your organization is ready for phase 2 of the certification.

Phase 1

The ISO 27001 certification process also includes a preparatory phase, which occurs before the actual audit. This phase has nine steps:
1. Determine the scope of your information security management system (ISMS).
2. Determine the information security objectives.
3. Develop a methodology for risk assessment and risk treatment.
4. Establish a statement of applicability (SoA).
5. Draw up a risk management plan and risk assessment report.
6. Establish security roles and responsibilities.
7. Draw up a resource list for technical measures.
8. Ensure acceptable use of resources.
9. Establish guidelines, for example for access control in accordance with Annex A of ISO 27001.

Phase 2

We assess the effectiveness of the ISMS in the second phase. Our auditors record the findings of the audit in a report. If the results are positive, you will receive the ISO 27001 certificate for a period of up to three years. We conduct the first follow-up audit within a year of the initial audit and the second the following year. After three years recertification follows, with annual follow-up audits.

People Based Auditing (PBA)

In our audit process we always pay attention to the human factor. People determine how the processes, systems and working methods are implemented. We call our working method People Based Auditing. It is a standard added value of our ISO and HKZ Zorg en Welzijn certifications.
Why DEKRA?
Experienced market leader

Our experts have many years of experience in information security and certification of management systems. DEKRA operates in over 60 countries and our certificates are recognized worldwide.

Extensive portfolio

With us you can also combine the ISO 27001 standard with others, e.g., with NEN 7510, ISO 20000-1 or ISO 9000. This lets us carry out audits efficiently, saving you time and money.

People Based Auditing

We audit with recognition of the people in your organization. We call this People-Based Auditing.

New version: ISO 27001:2022

A new version of ISO 27001 was released on 25 October 2022: ISO/IEC 27001:2022. DEKRA is accredited for this by the RvA. In the new version:
  • The standard is structured according to the Harmonized Structure
  • Annex A of the standard is divided into 4 chapters (according to ISO/IEC 27002:2022):
    • A. organizational measures
    • B. personnel measures
    • C. physical measures
    • D. technological measures

NEN-EN-ISO/IEC 27001:2023

In July 2023, the international version ISO/IEC 27001:2022 was approved specifically for Europe as NEN-EN-ISO/IEC 27001:2023. The difference is mainly in the preface added to the European version, while the content is otherwise the same as the international standard. ISO 27001:2023 does not affect existing certificates that have been obtained or will be issued according to ISO 27001:2022.
ISO 27001 certification guide
Access the most important information and a checklist for your ISO 27001 certification with our ultimate guide.

Book a free session with our expert

Would you like to know how a DEKRA audit takes your organization to a higher level? We are happy to help you! Fill in the form below to get in touch with an ISO 27001 expert to discuss the process and ask questions about the audit.

Q&A: ISO 27001 in brief

ISO 27001 is an international standard for protecting privacy-sensitive information. It shows that your organization handles data and information securely.

The ISO 27001 standard is for all organizations managing or processing confidential data, irrespective of the organization’s size, location or activities. Complying with the standard demonstrates that confidential data is in safe hands in your organization.

The cost of ISO 27001 certification varies depending on factors such as the size and complexity of your organization, the number of employees, and the scope of the audit.

The ISO 27001 certification process lasts six to nine months. It consists of the following steps:
1. In phase 1 we audit the documentation. Here we consider your risk analysis, for example.
2. In phase 2 we audit the implementation. For example, we consider the effective operation of the management system.
3. If our assessment is positive, you receive the certificate.
4. We conduct follow-up audits annually.
5. A recertification follows after three years.

Yes, you can easily combine ISO 27001 with other ISO standards. For example, with NEN 7510, ISO 9001, ISO 20000-1, and ISO 14001. This is due to the Harmonized Structure (HS) of these standards. DEKRA is happy to perform this combination for you.

Yes, you can supplement ISO 27001 with IT audits, e.g. with quality mark pentesting, ISAE 3402 or ISAE 3000 declarations. DEKRA is happy to conduct these IT audits for you.

DEKRA provides solutions for auditing and certification in the Netherlands. We audit and certify against various international and sector-specific standards, encompassing quality, safety, environment, sustainability and information security. We also provide customized assessments and organize training and workshops. Finally, we certify individuals in terms of quality and safety. Our services offer clients a reliable and solid basis for growth.

Yes, please don’t hesitate to get in touch with our specialist Henry Dwars. You can reach him on 088 96 83 458 or by e-mail at Henry.Dwars@dekra.com.